Developer Question - Build own agents to use Sentinel intelligence?


I have a developer that would like to create a niche product to utilize information within the Sentinel intelligence feeds, such as matching URLs to bad or malicious sources.

Something like Malwarebytes or what Microsoft does with ATP Defender.

It is again selective purpose, but can we use the Security Graph API for this, and if so, is it allowed, costs?

We are new to developing with Microsoft cloud security services.

Is there a bad reason or simply too expensive ... need some help in finding answers if it is a viable solution for us?

Cheers

3 Replies

@scrappy67 

To simplify the question even more:

Can we develop our own agents to send telemetry data to Sentinel and how do we go about calculating costs?

Lastly, is this permitted, as we would like to develop our own security agent for a particular purpose but utilize Microsoft Security intelligence?

@scrappy67 You can send your own information into Azure Sentinel, but keep in mind that the data will show up in a custom table. You can populate one of the non-custom tables like SecurityEvents. The costs would be based on how much data is ingested, just like any other feed.

AFAIK there is no reason you cannot utilize Microsoft Security Intelligence although I don't work for Microsoft and I am by no means a licensing expert.
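
An added example, not part of the thread or of any Microsoft sample: how a custom agent could build a signed request that lands its records in a custom table, and roughly size the ingestion volume that the cost depends on. It assumes the Log Analytics HTTP Data Collector API (not named in the thread, and since superseded by the Logs Ingestion API); the workspace ID, key, `UrlVerdict` log type and records are constructed placeholders, and counting 1 GB as 10^9 payload bytes is only an approximation of what the workspace bills.

```python
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

API_PATH = "/api/logs"
API_VERSION = "2016-04-01"

def custom_table_name(log_type):
    """Records posted under Log-Type X are stored in the custom table X_CL."""
    return f"{log_type}_CL"

def build_request(workspace_id, shared_key_b64, log_type, records, date=None):
    """Build (url, headers, body) for one signed POST; nothing is sent."""
    body = json.dumps(records).encode("utf-8")
    date = date or formatdate(usegmt=True)  # RFC 1123 date required by the API
    # The signature covers verb, body length, content type, date and resource path.
    string_to_sign = (f"POST\n{len(body)}\napplication/json\n"
                      f"x-ms-date:{date}\n{API_PATH}")
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    signature = base64.b64encode(digest).decode("ascii")
    headers = {
        "Content-Type": "application/json",
        "Log-Type": log_type,
        "x-ms-date": date,
        "Authorization": f"SharedKey {workspace_id}:{signature}",
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{API_PATH}?api-version={API_VERSION}")
    return url, headers, body

def estimated_gb_per_day(body_bytes, posts_per_day):
    """Rough daily volume from payload size (assumes 1 GB = 10^9 bytes)."""
    return body_bytes * posts_per_day / 1e9

# Constructed sample values: not a real workspace, key or detection.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-key-not-a-real-secret").decode()
RECORDS = [{"Url": "http://example.test/a", "Verdict": "malicious",
            "Agent": "niche-agent-01"}]

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY, "UrlVerdict", RECORDS)
    print(url, "->", custom_table_name(headers["Log-Type"]))
    print(f"{estimated_gb_per_day(len(body), 500_000):.3f} GB/day at 500k posts/day")
```

Keep the workspace key out of the agent binary where possible; anyone who extracts it can write arbitrary records into the workspace.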